Application for teen monitoring exposed thousands of Apple ID passwords
According to the experts, Teen monitoring app called TeenSafe has stored information, including Apple ID emails and passwords on unprotected Amazon's Cloud. Likewise, thousands of sensitive details of both, children and parents were accessible easily.
This application is primarily designed to help parents track their children. This includes showing messages, social media activity, location, call history, which apps they have installed and their browser's history. The saddest thing is that TeenSafe requires not to use two-factor authentication of child's phone. This makes the criminals to access data on the smartphone even easier.
Once the security researcher Robert Wiggins has reported about the unprotected servers of the company, they have pulled them offline immediately:
We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted <…>
The exposed information didn't contain personal details
Even though leaked Apple ID emails and passwords can do enough harm, luckily, records didn't contain private data. In other terms, there were no locations, messages, photos and additional highly sensitive information that might have also been exposed.
The spokesman of TeenSafe claims the following:
Shortly before the server went offline, there were at least 10,200 records from the past three months containing customers data — but some are duplicates. One of the servers appeared to store test data, but it’s not known if there are other exposed servers with additional data.
Although, we strongly recommend users to be extremely cautious. There is no reliable information to claim that other data is not at risk as well.
Security experts have started contacting the victims
Unfortunately, it is still unknown why the company has stored Apple ID passwords in plain text. According to their website, they claim to use encryption to protect data in case of a breach. However, TeenSafe is now under investigation and will provide more information later.
In the meanwhile, the experts have started contacting the victims whose emails and passwords were leaked. Luckily, some of them have responded and taken action to protect their Apple ID accounts. The specialists have decided not to contact children immediately in order to avoid panic.
Although, some of the exposed emails were related to their high schools, so it is a must to either inform the parents or the kids. Also, we strongly advise you always to use two-factor authentication in case of such data breaches.